svn commit: trunk/busybox/archival/libunarchive
landley at busybox.net
Mon Feb 20 02:18:04 UTC 2006
Author: landley
Date: 2006-02-19 18:18:03 -0800 (Sun, 19 Feb 2006)
New Revision: 14137
Log:
The Gentoo security guys found another way to segfault busybox's decompression
code: we can do a null dereference if one of our Huffman tables has all zero
length codes. This fixes it. (Thanks solar.)
Modified:
trunk/busybox/archival/libunarchive/decompress_unzip.c
Changeset:
Modified: trunk/busybox/archival/libunarchive/decompress_unzip.c
===================================================================
--- trunk/busybox/archival/libunarchive/decompress_unzip.c 2006-02-20 00:20:46 UTC (rev 14136)
+++ trunk/busybox/archival/libunarchive/decompress_unzip.c 2006-02-20 02:18:03 UTC (rev 14137)
@@ -271,7 +271,7 @@
if (c[0] == n) { /* null input--all zero length codes */
*t = (huft_t *) NULL;
*m = 0;
- return 0;
+ return 2;
}
/* Find minimum and maximum length, bound *m by those */
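Review bot: the bare "return 2;" in the all-zero-length-codes branch is an undocumented magic value, and the fix only holds if every caller treats a nonzero return as an error before touching *t, which this branch still sets to NULL. Add a comment at the return stating what 2 means (or use a named constant), and confirm that each call site checks the result instead of dereferencing the table pointer. The existing comment "null input--all zero length codes" could also say that this case is now reported as an error rather than accepted.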